Cybersecurity News

As temperatures continue to rise in Washington this week, some have already had their fair share of the heat and are headed for the door.

Included among the list of departures, Randy Vickers, director of the US Computer Emergency Readiness Team (US-CERT), resigned from his post suddenly Friday, leaving behind a series of questions and speculation as to what prompted his unexpected exit.

According to Reuters, one Homeland Security official said Monday that the department doesn’t plan to comment on what they call Vickers’ “personal matters.”  But others are suggesting that the series of recent cyber attacks against the Pentagon and other government agencies may have been too much for the director to handle.

Regardless of the circumstances, Lee Rock, US-CERT deputy director, will take the reigns as acting director until a new leader is named.

Meanwhile, across town, the Pentagon was also put under pressure Monday, as the Government Accountability Office (GAO) released a new report criticizing the Department of Defense (DoD) on its cyber operations and delayed response time following a series of cyber attacks and a major US military computer breach back in 2008.

In the 79-page report, “Defense Department Cyber Efforts: DOD Faces Challenges In Its Cyber Activities,” the GAO claims that “DOD has assigned authorities and responsibilities for implementing cyberspace operations among combatant commands, military services, and defense agencies; however, the supporting relationships necessary to achieve command and control of cyberspace operations remain unclear.”

To create cyber clarity, the report goes on to provide a set of recommendations it says the agency should take up in order to better address cybersecurity threats.  Those recommendations include:

• “Directing the Chairman of the Joint Chiefs of Staff in consultation with the Under Secretary of Defense for Policy and U.S. Strategic Command to establish a time frame for (1) deciding whether or not to proceed with a dedicated joint doctrine publication on cyberspace operations and for (2) updating the existing body of joint doctrine to include complete cyberspace-related definitions, and…
• Directing the appropriate officials in the Office of the Secretary of Defense, in coordination with the Under Secretary of Defense for Policy and the Joint Staff, to clarify DOD guidance on command and control relationships between U.S. Strategic Command, the services, and the geographic combatant commands regarding cyberspace operations, and establish a time frame for issuing the clarified guidance.”

Co-written by Davi D’Agostino, Director of Defense Capabilities and Management at the GAO, and by Gregory Wilshusen, GAO’s Director of Information Security Issues, a full-text of the report can be found here.

But if you don’t have time for all 79 pages of the report, be sure check out the following cybersecurity news headlines you may have missed:

Federal auditors scold IRS for slow notification of security breaches (Washington Post)

Senators demand answers on US cyber warfare policy (Bloomberg)

House panel approves cybersecurity standards bill (National Journal)

On cybersecurity, Congress can’t agree on turf (Washington Post)

DHS, DOD negotiating logistics of cyber partnership (Defense Systems)

Privacy controls to be included in NIST cybersecurity guidance (FierceGovIT)

DOD must overcome ‘Stone Age IT’ to keep competitive, official says (FCW)

Cloud cuts both ways when it comes to cybersecurity (Defense Systems)

Attacks focus DOD on cybersecurity partnerships (InformationWeek)

INTERNATIONAL ISSUES:

China-based spies said to be behind hacking of IMF computers (Bloomberg)

US signs cybersecurity agreement with India (The Hill)

America faced with wave of Chinese espionage (Daily Beast)

US hails progress with Russia on cybersecurity cooperation (NetworkWorld)

CYBER ATTACKS:

German security authorities hacked (PCWorld)

FBI arrests 16 in broad cyber attack crackdown (National Journal)

Hackers hit back with attack on Italian police (AFP)

Hacking groups say they are back after FBI arrests (Reuters)

Monsanto confirms Anonymous hacking attack (CNET)

LulzSec hacks The Times with brutal Murdoch death notice (Gizmodo)

Cyber attack steals $28K from small town (eSecurity Planet)

Lady Gaga’s website hacked by Swagsec (International Biz Times)

Clark College’s server down after cyber attack (The Columbian)

BUSINESS BUZZ:

Boeing acquiring info services company (UPI)

Industry backs highly skilled immigrants as lawmakers review case (The Hill)

Sony insurer says ‘no thanks’ to data breach lawsuit coverage (CRN)

CACI acquisition expands its federal cybersecurity solutions (WashingtonTech)

ManTech begins marketing cybersecurity services to other companies (Washington Post)

Cyber defense a boon for tech firms (KQED Radio)

OPINIONS ON INFOSEC:

Winnefeld: Military must prepare for range of conflicts (Defense.gov)

Sen. Bingaman: Action on electrical grid cybersecurity is needed (The Hill)

Rep Langevin: Beefing up the nation’s cybersecurity system (Washington Post)

Critics: US cybersecurity plan has holes, few new items (PCWorld)

Cybersecurity defenses need to evolve, experts say (FCW)

Dr Harknett: Safeguarding Web is just as key as protecting US borders (Cincinnati Enquirer)